Here’s one of the biggest shoes to tumble so far: Twitter has disclosed that when iPhone users visits the friend-finding feature in the Twitter app for iOS, the device’s address book is uploaded to Twitter and stored for 18 months.

Meanwhile, The Verge’s Dieter Bohn has an excellent guide to the address-book-uploading mess, including details on what various apps are doing and advice on what they should be doing.

There’s no evidence that any of the companies involved have been doing anything nefarious, such as selling the data; the issue’s that they’ve been too blithe about taking and storing confidential information without clearly explaining what’s going on. Some of them have also been violating Apple’s rules, which state that apps must disclose what they’re doing.

It seems obvious that the proper way to deal with all this is for iOS to lock down you address book and let you grant access to apps on a case-by-case basis, as it does with other sensitive info such as your location. It’s not clear why Apple didn’t do this in the first place, but it now says that it will. Soon, I hope.